Why people hack Facebook accounts

Several people I know have asked me recently why people hack Facebook accounts. Their Facebook accounts got hacked recently, and they couldn’t figure out why.

I know why. It probably wasn’t Sanford Wallace doing it, but it probably was someone just like him.

So who is Sanford Wallace and why does he want in your Facebook account?
The scam goes something like this: He sets up an arrangement with an affiliate marketing company. Then he steals a bunch of Facebook accounts and posts links to those affiliate marketers on those accounts’ walls. And when people click on those links, the affiliate marketer pays him a little money. It could be as little as a penny, or as much as a couple of dollars.

With enough volume–Wallace is accused of stealing 500,000 accounts and posting 27 million links, so that gives you an idea–it can end up being a really big pile of pocket change. So, no, the scammer isn’t logging into your Facebook account and using it. He’s feeding usernames and passwords into a computer program that logs into those accounts and posts the spammy links. So the computer does the work, and he sits back and collects money until he gets caught.

It’s a profitable, lazy second career for e-mail spammers, who last decade grew accustomed to making millions of dollars a year while working four hours a week.

One thing I hear over and over again is, “I’m nobody. Why would anyone want to hack into my Facebook account?”

That’s the thing. If someone hacks into David Hasselhoff’s Facebook account–to pick on a random celebrity–someone probably is going to notice quickly and complain that David Hasselhoff is trying to sell them a new mortgage or questionable pills. If you’re nobody, that link to a new mortgage or new pill has more credibility. And with fewer people watching, it will take longer for someone to realize it’s junk and complain, so the scammers keep control of the account longer. The less famous you are, the more useful–and therefore valuable–your Facebook account probably is.

And yes, you are nobody to these people. All you are is a username and a password that they fed into a computer program. Well, that and a revenue stream.

I’ve said it so many times I’ve lost count, but this is why you need to use strong passwords. Using four unrelated words makes for a surprisingly strong password. The chances of guessing one of those are rather small. Perhaps they’re as small as one in 9.994E+19. Grab a book, turn to four random pages and point to one random word off each page.

For comparison’s sake, the chances of guessing an 8-character, lowercase password are 1 in 200 billion, and the chances of guessing a word in a dictionary are around 1 in a million.

What I know for certain is that being one in a million is nowhere near good enough and being one in 200 billion is inadequate too. Technology is changing fast, but one in 9.994E+19 ought to be good enough for a few years.
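
The arithmetic behind those three figures, plus a generator that does the book trick with a cryptographic random source, as an added example that is not part of the original post. The 99,985-word vocabulary (the post does not say which word count produces 9.994E+19), the sample word list and the guessing rate are assumptions chosen for illustration.

```python
import math
import secrets

# Assumption: the post does not state the vocabulary size behind 9.994E+19;
# 99,985 is used here because 99,985**4 rounds to that figure.
ASSUMED_VOCABULARY = 99_985

def search_space(symbols, length):
    """Number of equally likely secrets when each position is drawn uniformly."""
    return symbols ** length

def entropy_bits(space):
    """Search space expressed in bits."""
    return math.log2(space)

def years_to_exhaust(space, guesses_per_second):
    """Worst-case time to try every candidate at a given guessing rate."""
    return space / guesses_per_second / (365 * 24 * 3600)

def generate_passphrase(words, count=4):
    """Pick words independently and uniformly using the OS CSPRNG.

    The search-space figures only hold for uniform random picks; a phrase
    you think up yourself is far more predictable.
    """
    unique = sorted(set(words))  # duplicates would skew the distribution
    if len(unique) < 2:
        raise ValueError("word list too small")
    return " ".join(secrets.choice(unique) for _ in range(count))

def compare(rate):
    """Return {label: (space, bits, years)} for the three cases in the post."""
    cases = {
        "one dictionary word": search_space(1_000_000, 1),
        "8 lowercase letters": search_space(26, 8),
        "four random words": search_space(ASSUMED_VOCABULARY, 4),
    }
    return {k: (s, entropy_bits(s), years_to_exhaust(s, rate))
            for k, s in cases.items()}

if __name__ == "__main__":
    # Constructed sample list, far too small for real use.
    sample = ["anchor", "velvet", "quartz", "lantern",
              "bishop", "tundra", "mosaic", "ferret"]
    print(generate_passphrase(sample))
    # Hypothetical rate of 1e10 guesses per second, chosen for illustration.
    for name, (space, bits, years) in compare(1e10).items():
        print(f"{name:22} {space:.3e}  {bits:5.1f} bits  {years:.3g} years")
```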